Earlier this evening (Eastern Time) the Web sites for Microsoft UK, Microsoft Saudi Arabia and Microsoft Mexico were defaced by the group Prime Suspectz. This makes 9 times a Microsoft Web site has been defaced including other Microsoft global sites in Brazil and Slovenia.

The full list of past Microsoft targets have included:

msrconf.microsoft.com (a supposed retired MS server and the first recorded defacement of a Microsoft server) on October 24, 1999
http://www.attrition.org/mirror/attrition/1999/10/24/msrconf.microsoft.com/CMT/

Microsoft Brazil by IZ corp defaced June 3, 2000
http://www.attrition.org/mirror/attrition/2000/06/03/www.microsoft.com.br/

The Microsoft Events Server by someone unknown on November 11, 2000
http://www.attrition.org/mirror/attrition/2000/11/07/events.microsoft.com

Microsoft Slovenia (defaced twice) the first time by Furia.BR on December 14, 2000 and the second time by BoLoDoRiO 3 days later
http://www.attrition.org/mirror/attrition/2000/12/14/www.microsoft.si
http://www.attrition.org/mirror/attrition/2000/12/17/www.microsoft.si

Microsoft New Zealand was also defaced by Prime Suspectz on January, 23rd of this year:
http://www.attrition.org/mirror/attrition/2001/01/23/www.microsoft.co.nz/

CORRECTION:

Last month (April 2001) we had claimed that the Microsoft Greece Web site was defaced twice, first by Prime Suspectz and later by World of Hell (WoH). We were later informed that the domain www.microsoft.com.gr was owned by a man in Greece not by Microsoft and further research led to the true Microsoft Hellas (Greece) Web site at: http://www.microsoft.com/hellas/.

http://www.attrition.org/mirror/attrition/2001/04/20/www.microsoft.com.gr/
http://www.attrition.org/mirror/attrition/2001/04/27/www.microsoft.com.gr/

COMMENTS ON THE RECENT IIS 5.0 HOLE

While these 3 Microsoft Web sites and the previous NEC USA Web sites have all been running Windows 2000 and IIS 5.0, we will not say they are using the exploit (jill.c) for the recent IIS hole discovered by eEye until we have confirmation from the defacers themselves. Please do not ask - we will post something when we know.

ABOUT PRIME SUSPECTZ and OTHER GROUPS

Prime Suspectz is a group known for their regular campaign against Web sites of large multinational corporations including NEC USA (a short time ago) Nike Brazil, Panasonic Italy, BMW France, Chevrolet Argentina, Samsung South Africa, Nintendo Spain and many more. See our previous commentary on high profile foreign defacements for a full list -
http://www.attrition.org/security/commentary/hp-foreign-01.html

NEC USA
http://www.attrition.org/mirror/attrition/2001/05/03/www.nec.com/

Their targets aren't only limited to the foreign sites of multinational corporations. Yesterday Prime Suspectz defaced the Ford Motor Corporation's Media Web site.
http://www.attrition.org/mirror/attrition/2001/01/22/media.ford.com/

A full list of Prime Suspectz previous defacements are available at
http://www.attrition.org/mirror/attrition/psuspectz.html.

Prime Suspectz isn't the only group defacing high profile foreign sites. So far this year, sites for Canon Greece, Canon Turkey, and Xerox India have also been defaced. We expect to see this trend continue until these companies work to secure their global Web sites as well or better than their flagship portals.